Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Dozens of ‘Luca Stealer’ Malware Samples Emerge After Source Code Made Public

Security researchers have observed an uptick in new Luca Stealer samples after the malware’s source code was made public.

Coded in Rust, the malware was initially observed in early July 2022, when its developer posted the source code on cybercrime forums, likely in an effort to boost their reputation.

Security researchers have observed an uptick in new Luca Stealer samples after the malware’s source code was made public.

Coded in Rust, the malware was initially observed in early July 2022, when its developer posted the source code on cybercrime forums, likely in an effort to boost their reputation.

The developer has since expanded the information stealer’s capabilities and also published the source code on GitHub. More than 25 Luca Stealer samples have been observed in the wild since the code was made public, security researchers at Cyble say.

Luca Stealer can extract information from numerous Chromium-based browsers, but also targets messaging applications, crypto wallets, and other applications. Furthermore, it has been updated with file-stealing capabilities.

According to Cyble, the stealer has been updated at least three times since the beginning of July, and its developer has shared information on how others can modify the malware and compile the source code.

The researchers also note that multiple threat actors might have already engaged in the development of the stealer.

The threat is designed to collect system information – such as desktop environment, device name, operating system distribution, hostname, username, language, network interface name, number of CPUs, memory details, and running processes – and store it in a text file.

It can also steal login credentials, credit card data, and cookies from over 30 Chromium-based browsers; data from 10 cold cryptocurrency wallets; data from the browser extensions of password managers and crypto wallets; and information from Steam, Telegram, and Uplay applications. Targeted messaging applications include Discord, ICQ, Element, and Skype.

Initially, Luca Stealer exfiltrated data using a Telegram bot, but the developer has since added support for Discord webhooks.

At the moment, Luca Stealer only targets Windows systems, but Cyble’s researchers believe that the malware developer may soon leverage Rust’s cross-platform capabilities to release variants targeting other platforms as well.

“As the stealer is written in Rust and is released for free, we can expect it to be adopted by multiple threat actors across the world,” Cyble concludes.

Related: Ukrainian Security Researcher Leaks Newer Conti Ransomware Source Code

Related: Leaked Carbanak Source Code Reveals No New Exploits

Related: Source Code of New Iran-Linked Hacking Tool Posted Online

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.